urlscan.io logo urlscan.io
SecurityTrails logo

research.thehalkiremedy.com Open in urlscan Pro
2606:4700:3036::681b:b46a  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://firsthealthforum.com/usrvisitor.php?nwlid=FH003B&ufwd=58&vid=72071022
Effective URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Submission: On May 18 via manual from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 13 domains to perform 40 HTTP transactions. The main IP is 2606:4700:3036::681b:b46a, located in United States and belongs to CLOUDFLARENET, US. The main domain is research.thehalkiremedy.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 24th 2019. Valid for: a year.
This is the only time research.thehalkiremedy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    204.77.9.130 (Las Vegas, United States)

ASN53340 (FIBERHUB, US)
PTR: www.firsthealthforum.com
firsthealthforum.com
1    50.23.130.135 (Seattle, United States)

ASN36351 (SOFTLAYER, US)
PTR: 87.82.1732.ip4.static.sl-reverse.com
bravo-mw.net
23    2606:4700:3036::681b:b46a (United States)

ASN13335 (CLOUDFLARENET, US)
research.thehalkiremedy.com
2    2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
ajax.cloudflare.com
1    2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    50.23.130.133 (Seattle, United States)

ASN36351 (SOFTLAYER, US)
PTR: 85.82.1732.ip4.static.sl-reverse.com
display.spapi.com
1    23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
use.fontawesome.com
1    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    173.192.183.237 (Seattle, United States)

ASN36351 (SOFTLAYER, US)
PTR: ed.b7.c0ad.ip4.static.sl-reverse.com
tracking.buygoods.com
3    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
1    173.192.183.235 (Seattle, United States)

ASN36351 (SOFTLAYER, US)
PTR: buygoods.com
www.buygoods.com
1    2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s.ytimg.com
Domain Requested by
23 research.thehalkiremedy.com research.thehalkiremedy.com
ajax.cloudflare.com
ajax.googleapis.com
3 www.google-analytics.com www.googletagmanager.com
2 www.youtube.com research.thehalkiremedy.com
s.ytimg.com
2 tracking.buygoods.com research.thehalkiremedy.com
tracking.buygoods.com
1 s.ytimg.com www.youtube.com
1 www.buygoods.com
1 www.googletagmanager.com ajax.cloudflare.com
1 use.fontawesome.com ajax.cloudflare.com
1 display.spapi.com ajax.cloudflare.com
1 ajax.googleapis.com ajax.cloudflare.com
1 fonts.gstatic.com research.thehalkiremedy.com
1 ajax.cloudflare.com research.thehalkiremedy.com
1 fonts.googleapis.com research.thehalkiremedy.com
1 cdnjs.cloudflare.com research.thehalkiremedy.com
1 bravo-mw.net 1 redirects
1 firsthealthforum.com 1 redirects
40 16

This site contains links to these domains. Also see Links.

Domain
www.buygoods.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2019-09-24 -
2020-09-23		 a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
*.spapi.com
Go Daddy Secure Certificate Authority - G2		 2019-07-15 -
2021-07-15		 2 years crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA		 2019-10-28 -
2020-12-23		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
clickcrm.com
DigiCert SHA2 Secure Server CA		 2020-03-27 -
2021-11-03		 2 years crt.sh
*.google.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Frame ID: D0AEF2D428283A701F768DEBB66F9F25
Requests: 39 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rg9JTodAdGQ?autoplay=1&cc_load_policy=0&controls=0&disablekb=1&fs=0&playsinline=1&modestbranding=1&iv_load_policy=3&rel=0&showinfo=0&host=https%3A%2F%2Fwww.youtube.com&enablejsapi=1&origin=https%3A%2F%2Fresearch.thehalkiremedy.com&widgetid=1
Frame ID: 2A5186A56AEDF41DE51E9F64A3320380
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://firsthealthforum.com/usrvisitor.php?nwlid=FH003B&ufwd=58&vid=72071022 HTTP 302
    https://bravo-mw.net/5856/326/2/ HTTP 302
    https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bulma(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

40
Requests

100 %
HTTPS

60 %
IPv6

13
Domains

16
Subdomains

13
IPs

2
Countries

1271 kB
Transfer

2124 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://firsthealthforum.com/usrvisitor.php?nwlid=FH003B&ufwd=58&vid=72071022 HTTP 302
    https://bravo-mw.net/5856/326/2/ HTTP 302
    https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
research.thehalkiremedy.com/
Redirect Chain
  • https://firsthealthforum.com/usrvisitor.php?nwlid=FH003B&ufwd=58&vid=72071022
  • https://bravo-mw.net/5856/326/2/?
  • https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaac90a12878778dcb75718306782ce3f66d3276019503fcf0c4e11466030578

Request headers

:method
GET
:authority
research.thehalkiremedy.com
:scheme
https
:path
/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 18 May 2020 02:32:51 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d86de8fce0f83acd78876c4e79ba5c0631589769170; expires=Wed, 17-Jun-20 02:32:50 GMT; path=/; domain=.thehalkiremedy.com; HttpOnly; SameSite=Lax; Secure
x-robots-tag
noindex, nofollow, nosnippet
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
59522b84ea45d729-FRA
content-encoding
br
cf-request-id
02c739870f0000d729522ee200000001

Redirect headers

Server
nginx
Date
Mon, 18 May 2020 02:32:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Keep-Alive
timeout=2
Cache-Control
max-age=3600 private
Pragma
no-cache
Location
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Expires
Mon, 18 May 2020 03:32:50 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
bulma.min.css
cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/ 		155 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc81b8d7a575ca78f75a08eefec714f342801163ac3b9ad12df572443b8ebfb4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
8705664
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02c7398920000005fd8d25b200000001
served-in-seconds
0.003
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:18:19 GMT
server
cloudflare
etag
W/"5afd48db-26c3b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59522b883a0705fd-FRA
expires
Sat, 08 May 2021 02:32:51 GMT
extra.css
research.thehalkiremedy.com/c/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://research.thehalkiremedy.com/c/extra.css
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
250aebb8e6994f95e8daa4ae84a4d30f3d644c7c1d33c78a3c679b2409faf14f

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-polished
origSize=6308
cf-ray
59522b883f36d729-FRA
status
200
cf-request-id
02c73989200000d7295230b200000001
last-modified
Tue, 01 Oct 2019 12:41:28 GMT
server
cloudflare
etag
W/"61aa058-18a4-593d8abccdf7d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=14400
x-robots-tag
noindex, nofollow, nosnippet
cf-bgj
minify
css
fonts.googleapis.com/ 		799 B
488 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:900
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e6b78a3b2b84bd50ec0bd967d247c6884862fe40765bf6160e383c4fe49951df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 18 May 2020 02:32:51 GMT
server
ESF
date
Mon, 18 May 2020 02:32:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 18 May 2020 02:32:51 GMT
headblock_fb.png
research.thehalkiremedy.com/i/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/headblock_fb.png
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c43360ecb439736afc6ed58d30d942d0b8c127bb57e11fd6a0c063d2e46febf

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:30 GMT
server
cloudflare
etag
"61aa1d4-1294-593d8c1626583"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b883f39d729-FRA
content-length
4756
cf-request-id
02c73989210000d7295230e200000001
x-robots-tag
noindex, nofollow, nosnippet
cards.jpg
research.thehalkiremedy.com/i/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/cards.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1eec8d12d86b16c01e84efb9a13ea9eebc4421adcfe7007ada57e1c9201d900d

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:46:35 GMT
server
cloudflare
etag
"61aa117-3f94-593d8be1f8f2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b883f3bd729-FRA
content-length
16276
cf-request-id
02c73989210000d7295230f200000001
x-robots-tag
noindex, nofollow, nosnippet
email-decode.min.js
research.thehalkiremedy.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
870 B 		Script
General
Check archive.org
Download Go to
Full URL
https://research.thehalkiremedy.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 12 May 2020 16:13:55 GMT
server
cloudflare
etag
W/"5ebacb43-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
cf-ray
59522b883f38d729-FRA
cf-request-id
02c73989210000d7295230d200000001
expires
Wed, 20 May 2020 02:32:51 GMT
ticket.png
research.thehalkiremedy.com/i/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ticket.png
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77266cd1df79a3e8c9067612fcd189d17781f60e5ebe8838c77ddfc8b039569c

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 13:07:31 GMT
server
cloudflare
etag
"61aa1ca-4f6c-593d908f7ccd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b883f3dd729-FRA
content-length
20332
cf-request-id
02c73989210000d72952310200000001
x-robots-tag
noindex, nofollow, nosnippet
ba2.jpg
research.thehalkiremedy.com/i/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ba2.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dc53625941564c757e054d5e1126224664bea60cd0a908e8277cf58448e228d

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:46:21 GMT
server
cloudflare
etag
"61aa0e4-369e-593d8bd508c25"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b883f3ed729-FRA
content-length
13982
cf-request-id
02c73989210000d72952311200000001
x-robots-tag
noindex, nofollow, nosnippet
ba1.jpg
research.thehalkiremedy.com/i/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ba1.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d9b12ae41d0846ff9eb42fb1262c6f03f545fa1ac57aed450bc116aa909d7cf

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:46:21 GMT
server
cloudflare
etag
"61aa0e3-3854-593d8bd4adf0d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b883f3fd729-FRA
content-length
14420
cf-request-id
02c73989210000d72952312200000001
x-robots-tag
noindex, nofollow, nosnippet
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
content-encoding
gzip
last-modified
Tue, 12 May 2020 16:13:55 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5ebacb43-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
59522b883a0b05fd-FRA
cf-request-id
02c7398921000005fd8d25c200000001
expires
Wed, 20 May 2020 02:32:51 GMT
loading-video.gif
research.thehalkiremedy.com/i/ 		141 KB
142 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/loading-video.gif
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da04055d4da4a70d7740344a6bd08156a9fdb5cd9cbcc3e181caf8cdc2627809

Request headers

Referer
https://research.thehalkiremedy.com/c/extra.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:46:59 GMT
server
cloudflare
etag
"61aa14e-234dc-593d8bf8946df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b8adb15d729-FRA
content-length
144604
cf-request-id
02c7398ac40000d7295233f200000001
x-robots-tag
noindex, nofollow, nosnippet
video-sound.png
research.thehalkiremedy.com/i/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-sound.png
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a8d400c2d2c4887b60950795d7a066333957febede24991378c3ecbd6ea2181

Request headers

Referer
https://research.thehalkiremedy.com/c/extra.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:27 GMT
server
cloudflare
etag
"61aa1c6-5a0d-593d8c137eabb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b8adb17d729-FRA
content-length
23053
cf-request-id
02c7398ac40000d72952340200000001
x-robots-tag
noindex, nofollow, nosnippet
video-cover.jpg
research.thehalkiremedy.com/i/ 		96 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-cover.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
028e9d1ee77c9f501b8badeade9dd090a31a1cf07dff2fa2896865e86b2ec184

Request headers

Referer
https://research.thehalkiremedy.com/c/extra.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:24 GMT
server
cloudflare
etag
"61aa1b7-181ff-593d8c103a049"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b8adb18d729-FRA
content-length
98815
cf-request-id
02c7398ac40000d72952341200000001
x-robots-tag
noindex, nofollow, nosnippet
1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v14/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c695acb1fb9e1a8739e6ae5621d41fc1ff3d13bbf370ea9c1fc95e879109890
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:900
Origin
https://research.thehalkiremedy.com

Response headers

date
Fri, 10 Apr 2020 03:52:47 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:47:41 GMT
server
sffe
age
3278404
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13564
x-xss-protection
0
expires
Sat, 10 Apr 2021 03:52:47 GMT
external-index-final.js
research.thehalkiremedy.com/j/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://research.thehalkiremedy.com/j/external-index-final.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57cdf3132168fac81f7669fab42c999823660456b62f127847b405a698b06fc2

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-polished
origSize=6687
cf-ray
59522b8c9d8fd729-FRA
status
200
cf-request-id
02c7398be20000d7295235c200000001
last-modified
Fri, 18 Oct 2019 03:41:38 GMT
server
cloudflare
etag
W/"61ad154-1a1f-595271c886a2d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
x-robots-tag
noindex, nofollow, nosnippet
cf-bgj
minify
bounceback.js
research.thehalkiremedy.com/j/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://research.thehalkiremedy.com/j/bounceback.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b274aecb3c7219a83b291d421e00df46351f0838fdba6b27216dc6f1f84919b2

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-polished
origSize=9100
cf-ray
59522b8cad93d729-FRA
status
200
cf-request-id
02c7398be40000d7295235d200000001
last-modified
Tue, 01 Oct 2019 12:48:10 GMT
server
cloudflare
etag
W/"61aa274-238c-593d8c3c963b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
x-robots-tag
noindex, nofollow, nosnippet
cf-bgj
minify
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 06 May 2020 04:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1029997
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30399
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 May 2021 04:26:14 GMT
disclaimer
display.spapi.com/v1/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://display.spapi.com/v1/disclaimer?id=disclaimer&account_id=5852&background=white
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
50.23.130.133 Seattle, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
85.82.1732.ip4.static.sl-reverse.com
Software
/ Express
Resource Hash
64f7e898e72e091a8b29207209f7ec824c2905f26a9e9b9760ffeb8cda002d9b

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 18 May 2020 02:32:52 GMT
Cache-control
private
Access-Control-Allow-Credentials
true
X-Powered-By
Express
Content-Length
1133
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
all.js
use.fontawesome.com/releases/v5.1.0/js/ 		893 KB
370 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.1.0/js/all.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
566d12cf66ff3d64ed100bdf634ce4b2de1dfa8ce38006f1b50912594865c1ae

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 20:19:20 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"004993df80280fa6c4af6ca17c4e5433"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
js
www.googletagmanager.com/gtag/ 		82 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-129095905-3
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
45892720b77ff725341efd120e64bf3686c18872cf4b4cc76f8c2d6be6600eb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:51 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33121
x-xss-protection
0
last-modified
Mon, 18 May 2020 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 18 May 2020 02:32:51 GMT
/
tracking.buygoods.com/track/ 		547 B
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking.buygoods.com/track/?a=5852&firstcookie=0&referrer=&product=halki_remedy&sessid2=
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.192.183.237 Seattle, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
ed.b7.c0ad.ip4.static.sl-reverse.com
Software
nginx / PHP/7.1.3
Resource Hash
986d266e7bbaa3366badf789acb2c32fbfb93354dc32b2e2b9828bde1a68410f

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 18 May 2020 02:32:52 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/7.1.3
Vary
Accept-Encoding
P3P
CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
Cache-Control
no-cache, must-revalidate
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Keep-Alive
timeout=2
Expires
Tue, Jan 12 1999 01:01:01 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-129095905-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
5793
date
Mon, 18 May 2020 00:56:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Mon, 18 May 2020 02:56:19 GMT
collect
www.google-analytics.com/r/ 		35 B
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j82&a=629263724&t=pageview&_s=1&dl=https%3A%2F%2Fresearch.thehalkiremedy.com%2F%3Faff_id%3D26%26subid2%3D5856_sessid20200518023218448%26subid%3D326&ul=en-us&de=UTF-8&dt=(1)%2048%20Year%20Old%20Mom%20Fixed%20High%20Blood%20Sugar%20With%20Simple%2060-Second%20Habit!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=953195651&gjid=1729935604&cid=1118124422.1589769172&tid=UA-129095905-3&_gid=1390379549.1589769172&_r=1&gtm=2ou561&z=26350359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 18 May 2020 02:32:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j82&a=629263724&t=timing&_s=2&dl=https%3A%2F%2Fresearch.thehalkiremedy.com%2F%3Faff_id%3D26%26subid2%3D5856_sessid20200518023218448%26subid%3D326&ul=en-us&de=UTF-8&dt=(1)%2048%20Year%20Old%20Mom%20Fixed%20High%20Blood%20Sugar%20With%20Simple%2060-Second%20Habit!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&plt=3597&pdt=1&dns=28&rrt=2150&srt=521&tcp=22&dit=3433&clt=3440&_gst=3623&_gbt=3636&_cst=3598&_cbt=3608&_u=IEBAAUAB~&jid=&gjid=&cid=1118124422.1589769172&tid=UA-129095905-3&_gid=1390379549.1589769172&z=861611824
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Apr 2020 02:38:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3282843
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
iframe_api
www.youtube.com/ 		859 B
926 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
07a0a28a57c28d68fa79571c26f2bc5e1c30155e000027aa0819c59e07295cdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
content-type
application/javascript
status
200
cache-control
no-cache
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 GMT
video-sound.png
research.thehalkiremedy.com/i/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-sound.png
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a8d400c2d2c4887b60950795d7a066333957febede24991378c3ecbd6ea2181

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
HIT
age
0
cf-ray
59522b91acf7d729-FRA
status
200
content-length
23053
cf-request-id
02c7398f050000d7295238a200000001
last-modified
Tue, 01 Oct 2019 12:47:27 GMT
server
cloudflare
etag
"61aa1c6-5a0d-593d8c137eabb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet
video-cover.jpg
research.thehalkiremedy.com/i/ 		96 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-cover.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
028e9d1ee77c9f501b8badeade9dd090a31a1cf07dff2fa2896865e86b2ec184

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
HIT
age
0
cf-ray
59522b91acf9d729-FRA
status
200
content-length
98815
cf-request-id
02c7398f050000d7295238b200000001
last-modified
Tue, 01 Oct 2019 12:47:24 GMT
server
cloudflare
etag
"61aa1b7-181ff-593d8c103a049"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet
ticket.png
research.thehalkiremedy.com/i/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ticket.png
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77266cd1df79a3e8c9067612fcd189d17781f60e5ebe8838c77ddfc8b039569c

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
HIT
age
1
cf-ray
59522b91acfdd729-FRA
status
200
content-length
20332
cf-request-id
02c7398f060000d7295238c200000001
last-modified
Tue, 01 Oct 2019 13:07:31 GMT
server
cloudflare
etag
"61aa1ca-4f6c-593d908f7ccd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet
ba1.jpg
research.thehalkiremedy.com/i/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ba1.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d9b12ae41d0846ff9eb42fb1262c6f03f545fa1ac57aed450bc116aa909d7cf

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
HIT
age
1
cf-ray
59522b91acffd729-FRA
status
200
content-length
14420
cf-request-id
02c7398f060000d7295238d200000001
last-modified
Tue, 01 Oct 2019 12:46:21 GMT
server
cloudflare
etag
"61aa0e3-3854-593d8bd4adf0d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet
ba2.jpg
research.thehalkiremedy.com/i/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/ba2.jpg
Requested by
Host: research.thehalkiremedy.com
URL: https://research.thehalkiremedy.com/j/external-index-final.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dc53625941564c757e054d5e1126224664bea60cd0a908e8277cf58448e228d

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:52 GMT
cf-cache-status
HIT
age
1
cf-ray
59522b91ad00d729-FRA
status
200
content-length
13982
cf-request-id
02c7398f060000d7295238e200000001
last-modified
Tue, 01 Oct 2019 12:46:21 GMT
server
cloudflare
etag
"61aa0e4-369e-593d8bd508c25"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet
video-start.png
research.thehalkiremedy.com/i/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-start.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41bdc4d5173898e0a7c218f4c2951a4d6c9a11573f0d1310d37e26fa9d2a85be

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:53 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:27 GMT
server
cloudflare
etag
"61aa1c7-92bc-593d8c13c28a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b91ad04d729-FRA
content-length
37564
cf-request-id
02c7398f070000d7295238f200000001
x-robots-tag
noindex, nofollow, nosnippet
video-finished.jpg
research.thehalkiremedy.com/i/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-finished.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83facf10c0c4ca77f6983283e246c1be9e983cc28f80cb535f6908d63655db51

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:53 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:23 GMT
server
cloudflare
etag
"61aa1b8-7cf7-593d8c1023503"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b91ad05d729-FRA
content-length
31991
cf-request-id
02c7398f070000d72952390200000001
x-robots-tag
noindex, nofollow, nosnippet
discount-popup.png
research.thehalkiremedy.com/i/ 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/discount-popup.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f060e3e37cd63fb99fe919536c6c9e8cbc5ffc0b728b16a7f9c247a73ec20791

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:53 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:47:28 GMT
server
cloudflare
etag
"61aa1cb-9b2f-593d8c1461b78"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b91ad06d729-FRA
content-length
39727
cf-request-id
02c7398f070000d72952391200000001
x-robots-tag
noindex, nofollow, nosnippet
dim-popup.jpg
research.thehalkiremedy.com/i/ 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/dim-popup.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8415837c8ffb10a1f6e49fb6cd25675f99d5db0f454d84e2f4dbdc64199b5fd

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:53 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 01 Oct 2019 12:46:38 GMT
server
cloudflare
etag
"61aa122-15f00-593d8be4752a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
59522b91ad07d729-FRA
content-length
89856
cf-request-id
02c7398f070000d72952392200000001
x-robots-tag
noindex, nofollow, nosnippet
buygoods_black.png
www.buygoods.com/images/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.buygoods.com/images/buygoods_black.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.192.183.235 Seattle, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
buygoods.com
Software
nginx /
Resource Hash
ff275d0907ee3185c117355cad64b0ded33ff9b98422ba6877fc50e7c1f7bb52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 18 May 2020 02:32:53 GMT
Last-Modified
Tue, 12 Sep 2017 06:30:00 GMT
Server
nginx
ETag
"59b77ee8-257c"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
max-age=315360000
Accept-Ranges
bytes
Keep-Alive
timeout=2
Content-Length
9596
Expires
Thu, 31 Dec 2037 23:55:55 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflZIrlU7/ 		67 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflZIrlU7/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7999c16d5edae90e6646d1db5d1374eeb7799e9bbbab7fb2be2c9e1ab0c4da77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 17 May 2020 10:43:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56971
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25045
x-xss-protection
0
last-modified
Thu, 14 May 2020 06:05:49 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Mon, 25 May 2020 10:43:21 GMT
rg9JTodAdGQ
www.youtube.com/embed/ Frame 2A51 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rg9JTodAdGQ?autoplay=1&cc_load_policy=0&controls=0&disablekb=1&fs=0&playsinline=1&modestbranding=1&iv_load_policy=3&rel=0&showinfo=0&host=https%3A%2F%2Fwww.youtube.com&enablejsapi=1&origin=https%3A%2F%2Fresearch.thehalkiremedy.com&widgetid=1
Requested by
Host: s.ytimg.com
URL: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflZIrlU7/www-widgetapi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/rg9JTodAdGQ?autoplay=1&cc_load_policy=0&controls=0&disablekb=1&fs=0&playsinline=1&modestbranding=1&iv_load_policy=3&rel=0&showinfo=0&host=https%3A%2F%2Fwww.youtube.com&enablejsapi=1&origin=https%3A%2F%2Fresearch.thehalkiremedy.com&widgetid=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326

Response headers

status
200
content-encoding
br
expires
Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options
nosniff
cache-control
no-cache
content-type
text/html; charset=utf-8
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date
Mon, 18 May 2020 02:32:52 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=xGdTZGi8ZBY; path=/; domain=.youtube.com; secure; expires=Sat, 14-Nov-2020 02:32:52 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 18-May-2020 03:02:52 GMT YSC=uq-J9IRbT1w; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=xGdTZGi8ZBY; path=/; domain=.youtube.com; secure; expires=Sat, 14-Nov-2020 02:32:52 GMT; httponly; samesite=None
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
tracking.buygoods.com/track/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking.buygoods.com/track/?a=5852&firstcookie=0&referrer=&product=halki_remedy&sessid2=&caller_url=https%3A%2F%2Fresearch.thehalkiremedy.com%2F%3Faff_id%3D26%26subid2%3D5856_sessid20200518023218448%26subid%3D326
Requested by
Host: tracking.buygoods.com
URL: https://tracking.buygoods.com/track/?a=5852&firstcookie=0&referrer=&product=halki_remedy&sessid2=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.192.183.237 Seattle, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
ed.b7.c0ad.ip4.static.sl-reverse.com
Software
nginx / PHP/7.1.3
Resource Hash
986f1bd880252ded3a6625b2290c9c4b1b3ac462e074fa4a18d67004554f7682

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 18 May 2020 02:32:54 GMT
Server
nginx
X-Powered-By
PHP/7.1.3
Transfer-Encoding
chunked
P3P
CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
Cache-Control
no-cache, must-revalidate
Content-Type
application/javascript
Keep-Alive
timeout=2
Expires
Tue, Jan 12 1999 01:01:01 GMT
video-start.png
research.thehalkiremedy.com/i/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.thehalkiremedy.com/i/video-start.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:b46a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41bdc4d5173898e0a7c218f4c2951a4d6c9a11573f0d1310d37e26fa9d2a85be

Request headers

Referer
https://research.thehalkiremedy.com/?aff_id=26&subid2=5856_sessid20200518023218448&subid=326
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 02:32:53 GMT
cf-cache-status
HIT
age
0
cf-ray
59522b973d21d729-FRA
status
200
content-length
37564
cf-request-id
02c73992850000d729523c4200000001
last-modified
Tue, 01 Oct 2019 12:47:27 GMT
server
cloudflare
etag
"61aa1c7-92bc-593d8c13c28a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| __cfQR function| gtag object| dataLayer string| mysrc object| newScript object| s function| ReadCookie object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| $ function| jQuery object| Bounceback number| na number| np number| sc number| muteStatus number| c object| tag object| firstScriptTag object| player function| onYouTubeIframeAPIReady function| onPlayerReady function| onPlayerStateChange function| preload function| setCookie function| getCookie function| displayLink string| message function| clickIE function| clickNS function| updateTimerDisplay function| formatTime function| updateProgressBar boolean| __cfRLUnblockHandlers object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| YT object| YTConfig function| onYTReady object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytPubsubPubsubInstance object| ytPubsubPubsubSubscribedKeys object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytLoggingTransportLogPayloadsQueue_ object| ytLoggingTransportGELQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| spitoday object| spiexpire function| SPIGetDomainName string| hostname object| spi_myNodelist number| spi_i string| spi_pattern_enc_bg string| spi_pattern_base_bg string| spi_replace_str_bg string| spi_pattern_enc_spi string| spi_pattern_base_spi string| spi_replace_str_spi string| spi_pattern_enc_cbd string| spi_pattern_base_cbd string| spi_replace_str_cbd string| spi_replace_enc_cbd string| spi_replace_enc_bg string| spi_replace_enc_spi string| spi_track_link

1 Cookies

Domain/Path Name / Value
.thehalkiremedy.com/ Name: __cfduid
Value: d86de8fce0f83acd78876c4e79ba5c0631589769170

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
ajax.googleapis.com
bravo-mw.net
cdnjs.cloudflare.com
display.spapi.com
firsthealthforum.com
fonts.googleapis.com
fonts.gstatic.com
research.thehalkiremedy.com
s.ytimg.com
tracking.buygoods.com
use.fontawesome.com
www.buygoods.com
www.google-analytics.com
www.googletagmanager.com
www.youtube.com
173.192.183.235
173.192.183.237
204.77.9.130
23.111.9.35
2606:4700:3036::681b:b46a
2606:4700::6810:85e5
2a00:1450:4001:800::2008
2a00:1450:4001:806::200e
2a00:1450:4001:815::200a
2a00:1450:4001:816::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81d::200e
2a00:1450:4001:820::2003
50.23.130.133
50.23.130.135
028e9d1ee77c9f501b8badeade9dd090a31a1cf07dff2fa2896865e86b2ec184
07a0a28a57c28d68fa79571c26f2bc5e1c30155e000027aa0819c59e07295cdf
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1eec8d12d86b16c01e84efb9a13ea9eebc4421adcfe7007ada57e1c9201d900d
250aebb8e6994f95e8daa4ae84a4d30f3d644c7c1d33c78a3c679b2409faf14f
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2dc53625941564c757e054d5e1126224664bea60cd0a908e8277cf58448e228d
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
41bdc4d5173898e0a7c218f4c2951a4d6c9a11573f0d1310d37e26fa9d2a85be
45892720b77ff725341efd120e64bf3686c18872cf4b4cc76f8c2d6be6600eb8
4c43360ecb439736afc6ed58d30d942d0b8c127bb57e11fd6a0c063d2e46febf
4d9b12ae41d0846ff9eb42fb1262c6f03f545fa1ac57aed450bc116aa909d7cf
566d12cf66ff3d64ed100bdf634ce4b2de1dfa8ce38006f1b50912594865c1ae
57cdf3132168fac81f7669fab42c999823660456b62f127847b405a698b06fc2
5a8d400c2d2c4887b60950795d7a066333957febede24991378c3ecbd6ea2181
64f7e898e72e091a8b29207209f7ec824c2905f26a9e9b9760ffeb8cda002d9b
77266cd1df79a3e8c9067612fcd189d17781f60e5ebe8838c77ddfc8b039569c
7999c16d5edae90e6646d1db5d1374eeb7799e9bbbab7fb2be2c9e1ab0c4da77
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83facf10c0c4ca77f6983283e246c1be9e983cc28f80cb535f6908d63655db51
986d266e7bbaa3366badf789acb2c32fbfb93354dc32b2e2b9828bde1a68410f
986f1bd880252ded3a6625b2290c9c4b1b3ac462e074fa4a18d67004554f7682
9c695acb1fb9e1a8739e6ae5621d41fc1ff3d13bbf370ea9c1fc95e879109890
aaac90a12878778dcb75718306782ce3f66d3276019503fcf0c4e11466030578
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b274aecb3c7219a83b291d421e00df46351f0838fdba6b27216dc6f1f84919b2
cc81b8d7a575ca78f75a08eefec714f342801163ac3b9ad12df572443b8ebfb4
d8415837c8ffb10a1f6e49fb6cd25675f99d5db0f454d84e2f4dbdc64199b5fd
da04055d4da4a70d7740344a6bd08156a9fdb5cd9cbcc3e181caf8cdc2627809
e6b78a3b2b84bd50ec0bd967d247c6884862fe40765bf6160e383c4fe49951df
f060e3e37cd63fb99fe919536c6c9e8cbc5ffc0b728b16a7f9c247a73ec20791
ff275d0907ee3185c117355cad64b0ded33ff9b98422ba6877fc50e7c1f7bb52